Try to redirect back on unauthorized accesses
Only when the `redirect_back_on_unauthorized` preference
exists and is set to true.

This preference has been introduced in core with solidusio/solidus#3118
and we can rely on that preference to drive the behavior change here
as well.

The extra

	if Spree::Config.respond_to?(:redirect_back_on_unauthorized)

check might seem useless but it's needed to avoid printing this
deprecation warning on Solidus versions that still do not have
the preference.

If the Solidus version used does not have the preference yet, the old
behavior will be preserved.
kennyadsl committed Oct 7, 2020
1 parent 1f329b5 commit ff57ff5
Showing 3 changed files with 107 additions and 16 deletions.
47 changes: 43 additions & 4 deletions lib/spree/auth/engine.rb
Expand Up @@ -26,26 +26,65 @@ class Engine < Rails::Engine
ApplicationController.include Spree::AuthenticationHelpers
end

def self.redirect_back_on_unauthorized?
return false unless Spree::Config.respond_to?(:redirect_back_on_unauthorized)

if Spree::Config.redirect_back_on_unauthorized
true
else
Spree::Deprecation.warn <<-WARN.strip_heredoc, caller
Having Spree::Config.redirect_back_on_unauthorized set
to `false` is deprecated and will not be supported in Solidus 3.0.
Please change this configuration to `true` and be sure that your
application does not break trying to redirect back when there is
an unauthorized access.
WARN

false
end
end

def self.prepare_backend
Spree::Admin::BaseController.unauthorized_redirect = -> do
if try_spree_current_user
flash[:error] = I18n.t('spree.authorization_failure')
redirect_to spree.admin_unauthorized_path

if Spree::Auth::Engine.redirect_back_on_unauthorized?
redirect_back(fallback_location: spree.admin_unauthorized_path)
else
redirect_to spree.admin_unauthorized_path
end
else
store_location
redirect_to spree.admin_login_path

if Spree::Auth::Engine.redirect_back_on_unauthorized?
redirect_back(fallback_location: spree.admin_login_path)
else
redirect_to spree.admin_login_path
end
end
end
end


def self.prepare_frontend
Spree::BaseController.unauthorized_redirect = -> do
if try_spree_current_user
flash[:error] = I18n.t('spree.authorization_failure')
redirect_to spree.unauthorized_path

if Spree::Auth::Engine.redirect_back_on_unauthorized?
redirect_back(fallback_location: spree.unauthorized_path)
else
redirect_to spree.unauthorized_path
end
else
store_location
redirect_to spree.login_path

if Spree::Auth::Engine.redirect_back_on_unauthorized?
redirect_back(fallback_location: spree.login_path)
else
redirect_to spree.login_path
end
end
end
end
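Review bot: The four `redirect_back` calls in `prepare_backend` and `prepare_frontend` take their target from the client-supplied `Referer` header and do not pass `allow_other_host: false`, so on Rails versions where that option defaults to true a request arriving from another site is answered with a redirect to that site. Restricting the target to the application's own host, e.g. `redirect_back(fallback_location: spree.admin_unauthorized_path, allow_other_host: false)`, keeps the fallback path as the only alternative. In the two unauthenticated branches the visitor is also sent back to the referring page after `store_location` rather than to the login path; if the referring page is itself protected this could presumably loop, so it is worth confirming that this is intended and documenting it in a comment above each lambda.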
38 changes: 32 additions & 6 deletions spec/controllers/spree/admin/base_controller_spec.rb
Expand Up @@ -8,19 +8,45 @@
def index; authorize!(:read, :something); end
end

before do
stub_spree_preferences(Spree::Config, redirect_back_on_unauthorized: true)
end

context "when user is logged in" do
before { sign_in(create(:user)) }

it "redirects to unauthorized path" do
get :index
expect(response).to redirect_to(spree.admin_unauthorized_path)
context "when http_referrer is not present" do
it "redirects to unauthorized path" do
get :index
expect(response).to redirect_to(spree.admin_unauthorized_path)
end
end

context "when http_referrer is present" do
before { request.env['HTTP_REFERER'] = '/redirect' }

it "redirects back" do
get :index
expect(response).to redirect_to('/redirect')
end
end
end

context "when user is not logged in" do
it "redirects to login path" do
get :index
expect(response).to redirect_to(spree.admin_login_path)
context "when http_referrer is not present" do
it "redirects to login path" do
get :index
expect(response).to redirect_to(spree.admin_login_path)
end
end

context "when http_referrer is present" do
before { request.env['HTTP_REFERER'] = '/redirect' }

it "redirects back" do
get :index
expect(response).to redirect_to('/redirect')
end
end
end
end
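Review bot: The top-level `before` stubs `redirect_back_on_unauthorized: true` for every example, so the branch that keeps the old `redirect_to` behaviour and emits the deprecation warning is not exercised in this file; the same applies to spec/controllers/spree/base_controller_spec.rb. A sibling context that sets `stub_spree_preferences(Spree::Config, redirect_back_on_unauthorized: false)` and still expects `redirect_to(spree.admin_unauthorized_path)` with a Referer present would pin that path. The "redirects back" examples also use only the relative value `'/redirect'`; an example with an absolute Referer on a different host would document what the controller does with an off-site referrer.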
38 changes: 32 additions & 6 deletions spec/controllers/spree/base_controller_spec.rb
Expand Up @@ -8,19 +8,45 @@
def index; authorize!(:read, :something); end
end

before do
stub_spree_preferences(Spree::Config, redirect_back_on_unauthorized: true)
end

context "when user is logged in" do
before { sign_in(create(:user)) }

it "redirects to unauthorized path" do
get :index
expect(response).to redirect_to(spree.unauthorized_path)
context "when http_referrer is not present" do
it "redirects to unauthorized path" do
get :index
expect(response).to redirect_to(spree.unauthorized_path)
end
end

context "when http_referrer is present" do
before { request.env['HTTP_REFERER'] = '/redirect' }

it "redirects back" do
get :index
expect(response).to redirect_to('/redirect')
end
end
end

context "when user is not logged in" do
it "redirects to login path" do
get :index
expect(response).to redirect_to(spree.login_path)
context "when http_referrer is not present" do
it "redirects to login path" do
get :index
expect(response).to redirect_to(spree.login_path)
end
end

context "when http_referrer is present" do
before { request.env['HTTP_REFERER'] = '/redirect' }

it "redirects back" do
get :index
expect(response).to redirect_to('/redirect')
end
end
end
end